Outsourcing technology is a ‘systemic risk’ for banks

By Paddy Smith
In the wake of the Wirecard scandal, financial institutions are being warned that outsourcing technology services to a small group of suppliers is risky...

The Financial Stability Board (FSB) has warned banks about the “possibility of systemic risk” from outsourcing to a few third-party technology companies.

In the wake of the Wirecard scandal, the FSB raised concern over a trend for financial institutions collectively to use fewer third-party technology providers. It suggests that a fault in one third party could cause financial instability.

In its discussion paper – Regulatory and Supervisory Issues Relating to Outsourcing and Third-Party Relationships – the FSB said, “A common concern... is the possibility of systemic risk arising from concentration in the provision of some outsourced and third-party services to [financial institutions]. These risks may become higher as the number of FIs receiving critical services from a given third party increases.

“Systemic risk could arise if, for instance, a sufficiently large number of FIs (or a single systemic FI) became dependent on one or a small number of outsourced or third-party service providers for the provision of critical services that were impossible or very difficult to substitute effectively and in an appropriate timeframe, for instance due to limitations in the capacity of alternative third parties or other back-up solutions.

Cloud 'resilience options’

“A major disruption, outage or failure at one of these third parties could create a single point of failure with potential adverse consequences for financial stability and/or the safety and soundness of multiple FIs. The ultimate impact would depend on the specific services being provided, the criticality and substitutability of those services, and the mitigation plans in place by FIs and the third party in question.

“Industry practice on mitigation plans is evolving rapidly and encompasses an ever-growing range of contractual, practical and technological approaches. For instance, retaining the ability to bring data or applications back on-premises in a way that ensure continuous adequate performance; creating and securing back-up copies of sensitive data, using of multiple or back-up vendors or, in the case of cloud outsourcing, using one or more resilience options.

“While mapping and understanding the system-wide effects of third-party dependencies is not a new issue, it remains an evolving area for supervisory authorities due to the heterogeneity of services provided and the changing ecosystem. Given the cross-border nature of this dependency, supervisory authorities and third parties could particularly benefit from enhanced dialogue on this issue.”

The paper also mentions that the trend towards fewer third-party technology platforms was being accelerated by the Covid-19 pandemic.

What’s it got to do with Wirecard?

Wirecard was a third-party payment processor that hit the headlines after an accounting scandal was unearthed by journalists at the Financial Times. The UK’s Financial Conduct Authority ordered Wirecard Card Solutions to cease operating pending an investigation, with the knock-on effect that millions of customers’ bank cards stopped working. The FSB paper doesn’t mention Wirecard – however, it’s exactly the sort of scenario the paper is designed to highlight.


Featured Articles

Yves Bernaert new CEO of digital transformation leader Atos

French IT leader Atos has announced former Europe CEO of Accenture Technology Yves Bernaert as its new CEO with the goal of leading its transformation plan

Bain: Those who ‘wait and see’ on AI risk being left behind

Bain & Company's latest Global Technology Report finds the current generation of AI tools and models could help companies speed up 20% of worker tasks

How AI transformation is changing the marketing world

Nearly two in three marketers said they fear AI may replace their jobs in the next five years, and three in four say AI tools will impact their pay

NTT and Qualcomm team up to drive AI at the edge

AI & Machine Learning

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Cloud & Cybersecurity

Google at 25: From a Search pioneer to AI breakthroughs

Digital Transformation